“Virtualization” in a device may comprise at least one virtual machine (VM) to execute an operating system (OS), etc. in a software environment that emulates actual device hardware. In this manner, more than one VM may use a single set of device hardware to emulate multiple devices. Software executing in a guest VM may be unaffected by software executing in other guest VMs unless malicious software (e.g., “malware”) in a guest VM is configured to attack other guest VMs. Intel CPU virtualization (Intel® VT-x) capabilities include Extended Page Tables (EPTs) that may be utilized by a Virtual Machine Monitor (VMM) to protect the VMM memory (also called host memory) from being accessed by untrusted guests. EPT structures may map guest physical memory addresses (GPA) to host physical memory addresses (HPA), whereas OS-managed guest paging structures may map guest linear addresses (GLA) to GPAs. When employing EPTs, the VMM is not required to shadow guest OS paging structures to administrate access control since the VMM may safely isolate/contain guest physical addresses to corresponding host physical addresses to maintain inter-guest memory isolation and host memory access restrictions. However, malware that is operating in a guest OS may freely alter GLA to GPA mappings, allowing for data substitution or code re-mapping attacks on the guest OS. An OS accessing a security-critical data structure may instead access malware installed data, may execute invalid code in an alternate GPA, etc. reached through a malicious mapping.
Moreover, EPT structures may be configured to protect individual memory pages through permissions such as, for example read only, read/write/execute, non-executable, etc. An attempt to access a memory page that violates the set permission may generate an interrupt to the VMM. While these protections may be effective, their granularity is limited to a per-memory page basis. As a result, an attempt to execute code in any portion of a memory page configured with a non-executable permission may cause an interrupt to be generated to the VMM, which may be costly to handle at least from the standpoint of data processing overhead in a device.
Although the following Detailed Description may proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof may be apparent to those skilled in the art.